information exfiltration with
play

Information Exfiltration with Wi Wi-Fi Micro-Jamming ROM OGEN - PowerPoint PPT Presentation

Apr 16, 2023 •16 likes •296 views

Sensorless, , Permissionless Information Exfiltration with Wi Wi-Fi Micro-Jamming ROM OGEN (ROMOG@POST.BGU.AC.IL) OMER SHWARTZ (OMERSHV@POST.BGU.AC.IL) KFIR ZVI (ZVIKF@POST.BGU.AC.IL) YOSSI OREN (YOS@BGU.AC.IL) BEN-GURION UNIVERSITY OF THE

  1. Sensorless, , Permissionless Information Exfiltration with Wi Wi-Fi Micro-Jamming ROM OGEN (ROMOG@POST.BGU.AC.IL) OMER SHWARTZ (OMERSHV@POST.BGU.AC.IL) KFIR ZVI (ZVIKF@POST.BGU.AC.IL) YOSSI OREN (YOS@BGU.AC.IL) BEN-GURION UNIVERSITY OF THE NEGEV, ISRAEL

  2. Background “ A covert listening device, more commonly known as a bug or a wire, is usually a combination of a miniature radio transmitter with a microphone. The use of bugs, called bugging, is a common technique in surveillance, espionage and police investigations. “ - Wikipedia

  3. Previous Works Farshteindiker et al. [1] used a device ’ s gyroscope to exfiltrate data through a victim device. A piezoelectric device causes interferences to the gyroscope sensor that are readable through a javascript running on the device. [1] Farshteindiker, Benyamin, Nir Hasidim, Asaf Grosz, and Yossi Oren. "How to Phone Home with Someone Else's Phone: Information Exfiltration Using Intentional Sound Noise on Gyroscopic Sensors." In WOOT . 2016.

  4. Objectives Develop and evaluate an exfiltration technique that maintains the advantages: 1. Covert 2. Permissionless 3. Long range While reducing the limitations: 1. Need of physical contact with the victim 2. Power requirements

  5. Our Contribution

  6. "Covert channels through external interference." Shah and Blaze [2] introduced the concept of an “ interference channel ” , which they defined as a “ covert channel that works by creating external interference on a shared communications medium ” [2] Shah, Gaurav, and Matt Blaze. "Covert channels through external interference." Proceedings of the 3rd USENIX conference on Offensive technologies (WOOT09) . 2009.

  7. Interference Channel The sender cannot communicate directly with the receiver. The victim is an uninvolved, unknowing device performing normal communications. The receiver is capable of receiving some output from the victim and has the ability to separate the benign data from the payload. The malicious communication is hiding in plain sight.

  8. Micro-Jamming Many communication protocols, including 802.11, incorporate CCA (Clear Channel Assessment) mechanisms to maintain non-distruptiveness. By briefly jamming the radio channel, Wi-Fi frames and responses can be delayed for several milliseconds.

  9. Micro-Jamming

  10. Micro-Jamming

  11. Micro-Jamming

  12. Micro-Jamming

  13. Traditional Jamming vs Micro-Jamming Traditional Jamming Micro-Jamming Mode of operation Packet loss Packet delay Network layers affected At least 1-2 Only layer 1 Required transmission power Stronger than blocked signal Minimum required for sensing

  14. Test Setup - Active

  15. Test Setup - Active

  16. Test Setup - Active ATMEGA256RFR2 Xplained Pro evaluation board Keysight 33622A waveform generator Tektronix RSA604 real-time signal analyzer

  17. Results

  18. Results

  19. Results Successful data transfer at rates of 40 bits-per-second with <10% error rate. Effective to a range of 15+ meters, works through walls. Found functional at low transmission powers of -17 dBm, or 20 microwatts.

  20. Micro-Jamming Done Passively When an antenna switches its impendence in a given frequency, it modulates reflects any ambient radio signals while imposing a frequency shift. Previous works [3] have used this phenomenon to shift one Wi-Fi channel to another while modulating data on top of it. Using similar techniques, it is possible to jam a Wi-Fi channel using zero energy for transmission. [3] Bryce Kellogg, Vamsi Talla, Shyamnath Gollakota, and Joshua R. Smith. Passive wi-fi: Bringing low power to wi-fi transmissions. 13th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2016, Santa Clara, CA, USA.

  21. Test Setup - Passive

  22. Test Setup – Passive

  23. Test Setup – Passive

  24. Traditional Jamming vs Micro-Jamming (cont ’ ) Traditional Jamming Micro-Jamming Range vs transmission power Small, must overcome existing Large signals Can be done passively? Not effectively? Demonstrated in the paper Detectability Shows in standard network Hard to differentiate from logs noise

  25. Demo

  26. Demo

  27. Conclusions Micro-jamming was shown as an effective development over traditional jamming as a covert channel. Using micro-jamming, an implant can transmit over longer distances and use less power than with traditional jamming. In addition, micro-jamming allows for lower-profile exfiltration of data that is harder to detect without actively looking with the right equipment.

  28. Thank You – Any Questions? Rom Ogen (romog@post.bgu.ac.il) Omer Shwartz (omershv@post.bgu.ac.il) Kfir Zvi (zvikf@post.bgu.ac.il) Yossi Oren (yos@bgu.ac.il) Come see our live demo at the USENIX poster session! https://iss.oy.ne.ro/Microjam

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications Elleen Pan,

Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications Elleen Pan,

Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications Elleen Pan, Jingjing Ren, Martina Lindorfer*, Christo Wilson, and David Choffnes Northeastern University, *UC Santa Barbara Motivation + internet connectivity

400 views • 36 slides
EFAIL BREAKING S/MIME AND OPENPGP EMAIL ENCRYPTION USING EXFILTRATION CHANNELS mail@efail.de |

EFAIL BREAKING S/MIME AND OPENPGP EMAIL ENCRYPTION USING EXFILTRATION CHANNELS mail@efail.de |

EFAIL BREAKING S/MIME AND OPENPGP EMAIL ENCRYPTION USING EXFILTRATION CHANNELS mail@efail.de | https://www.efail.de 1 Mnster University of Applied Sciences Damian Poddebniak 1 , Christian Dresen 1 , Jens Mller 2 , Fabian Ising 1 , 2 Ruhr

675 views • 41 slides
WOPR SUMMIT Red v Blue Workshop What will we do today? Red / Blue Team Theory APT

WOPR SUMMIT Red v Blue Workshop What will we do today? Red / Blue Team Theory APT

WOPR SUMMIT Red v Blue Workshop What will we do today? Red / Blue Team Theory APT Emulation Kill Chain Phishing Dropper Some Detection Expansion Deep Persistence Actions on goals Exfiltration

1.58k views • 140 slides
UYR Second level Third level Under Your Radar Fourth level Fifth level

UYR Second level Third level Under Your Radar Fourth level Fifth level

Click to edit Master title style Click to edit Master text styles UYR Second level Third level Under Your Radar Fourth level Fifth level Covert Channel &amp; Exfiltration Ali Hadi / Mariam Khader Princess Sumaya

277 views • 25 slides
Collaborators Tracy Liu (PhD Student, UCDavis) Rennie Archibald (PhD Student, UCDavis)

Collaborators Tracy Liu (PhD Student, UCDavis) Rennie Archibald (PhD Student, UCDavis)

Detecting Sensitive Data Exfiltration by an Insider Attack Dipak Ghosal University of California, Davis Collaborators Tracy Liu (PhD Student, UCDavis) Rennie Archibald (PhD Student, UCDavis) Matt Masuda (Undergraduate Student, UC

521 views • 11 slides
Auditing IoT Communications with TLS-RaR Judson Wilson, Henry Corrigan-Gibbs, Riad S. Wahby,

Auditing IoT Communications with TLS-RaR Judson Wilson, Henry Corrigan-Gibbs, Riad S. Wahby,

Auditing IoT Communications with TLS-RaR Judson Wilson, Henry Corrigan-Gibbs, Riad S. Wahby, Keith Winstein, Philip Levis, Dan Boneh Stanford University Auditing Standard Devices MITM Used for: security audit automated exfiltration

971 views • 64 slides
NII Homepage INFORMATION SYSTEMS IN JAPAN 2.1 The Science Information System and NACSIS / NII

NII Homepage INFORMATION SYSTEMS IN JAPAN 2.1 The Science Information System and NACSIS / NII

1. ECONOMICS OF INFORMATION Economics of Information Services 1.1 Microeconomics of Information 1961- Market Models with Asymmetric Information for Scientific and Technical Data in Information Cost / Value the Information Age: Lemon Market,

530 views • 6 slides
Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies

Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies

Cambridge Centre for Risk Studies Advisory Board Research Showcase 24 January 2017 Cyber Risk Research at CCRS Jennifer Copic Research Assistant Cambridge Centre for Risk Studies Largest Cyber Data Exfiltration Event: Yahoo August 2013

296 views • 18 slides
Information Information partition Player 's information partition is a collection of his

Information Information partition Player 's information partition is a collection of his

Information by Prof. Kyung Hwan Baik. Slides for chapter 7 of Games and Information Information partition Player 's information partition is a collection of his information sets i such that each path is represented by one node in

799 views • 43 slides
1 Information and its Presentation: Gender Cues in Low-Information vs. High-Information

1 Information and its Presentation: Gender Cues in Low-Information vs. High-Information

Information and its Presentation: Gender Cues in Low-Information vs. High-Information Experiments David J. Andersen Tessa Ditonto Iowa State University (9214 words) This article examines how the presentation of information during a laboratory

738 views • 37 slides
. distribution of all types of information . Not just news and advertising Meet the information

. distribution of all types of information . Not just news and advertising Meet the information

Presentation By Howard I. Finberg Director, Information Te chnology The fuizona Republic 4/3/e7 TECHNOLOGY STRATEGY Become the information leader . Effective collection, storage, retrieval and . distribution of all types of information . Not just

1.21k views • 22 slides
optimization work (including the timing thereof), construction activities, power supply and

optimization work (including the timing thereof), construction activities, power supply and

Certain information contained in this presentation constitutes forward looking information. This information may relate to future events or the Companys future performance. All information other than information of historical fact is forward

594 views • 41 slides
Certain information contained in this presentation constitutes forward looking information. This

Certain information contained in this presentation constitutes forward looking information. This

Certain information contained in this presentation constitutes forward looking information. This information may relate to futur e events or the Companys future performance. All information other than information of historical fact is forward

489 views • 13 slides
Information The following Information has been compiled from various sources by

Information The following Information has been compiled from various sources by

Information The following Information has been compiled from various sources by Westaff/Personnel Plus! HR Consultants It has been updated to be current as of this morning but It contains perishable information that can change at any

805 views • 45 slides
Requesting information under the Freedom of Information Act and the Data Protection Act Leigh

Requesting information under the Freedom of Information Act and the Data Protection Act Leigh

Requesting information under the Freedom of Information Act and the Data Protection Act Leigh Day / CORE Training Event on Access to Information 10 July 2015 Emily Soothill Freedom of Information Act 2000 (FOIA) &quot; Freedom of Information

568 views • 18 slides
Information Retrieval Introducing Information Retrieval and Web Search Information Retrieval

Information Retrieval Introducing Information Retrieval and Web Search Information Retrieval

Introduction to Information Retrieval Introducing Information Retrieval and Web Search Information Retrieval Information Retrieval (IR) is finding material (usually documents) of an unstructured nature (usually text) that satisfies an

1.01k views • 57 slides
Micro-Blog: Sharing and Querying Content Through Mobile Phones and Social Participation

Micro-Blog: Sharing and Querying Content Through Mobile Phones and Social Participation

Micro-Blog: Sharing and Querying Content Through Mobile Phones and Social Participation Presented by Paul Ksiazek Motivation Sensor Networks Inexpensive Gather data over large area Mobile phones Virtual Information

455 views • 17 slides
zero to cloud micro-app in 300ms Local Computing: User Friendly but Limited, Isolated Web

zero to cloud micro-app in 300ms Local Computing: User Friendly but Limited, Isolated Web

zero to cloud micro-app in 300ms Local Computing: User Friendly but Limited, Isolated Web Computing: Connected, Scalable but Overwhelming With no simple approach to creating small cloud programs... many cloud ideas simply dont get

68 views • 6 slides
Micro-debates for Policy-Making Simone Gabbriellini and Paolo Torroni Department of Informatics:

Micro-debates for Policy-Making Simone Gabbriellini and Paolo Torroni Department of Informatics:

Micro-debates for Policy-Making Simone Gabbriellini and Paolo Torroni Department of Informatics: Science &amp; Engineering (DISI) University of Bologna Introduction Administrations and policy-makers are more and more interested in using

480 views • 22 slides
Multilevel estimation of contextual effects Philip S. Morrison. Victoria University of Wellington

Multilevel estimation of contextual effects Philip S. Morrison. Victoria University of Wellington

Multilevel estimation of contextual effects Philip S. Morrison. Victoria University of Wellington Philip.Morrison@vuw.ac.nz Oceania Stata User Group Meeting. The University of Sydney Business School 28-30 September 2016 2 Whats the

317 views • 28 slides
Reverse Engineering x86 Processor Microcode CanSecWest 2018 Marc 16, 2018, Vancouver, Canada

Reverse Engineering x86 Processor Microcode CanSecWest 2018 Marc 16, 2018, Vancouver, Canada

Reverse Engineering x86 Processor Microcode CanSecWest 2018 Marc 16, 2018, Vancouver, Canada Philipp Koppe, Benjamin Kollenda, Marc Fyrbiak, Christian Kison, Robert Gawlik, Christof Paar, Thorsten Holz Horst Grtz Institute for IT-Security em

1.44k views • 109 slides
Mic r o Pur c hase &amp; Small Pur c hase Pr oc ur e me nt Informa l Proc ure me nt Me

Mic r o Pur c hase &amp; Small Pur c hase Pr oc ur e me nt Informa l Proc ure me nt Me

Mic r o Pur c hase &amp; Small Pur c hase Pr oc ur e me nt Informa l Proc ure me nt Me thods Sma ll Purc ha se Mic ro Purc ha se s Proc e dure s 200. 320(a ) 200.320(b ) Re g ula tions 200.67 200.88 Mic ro -purc ha se : a c q

561 views • 29 slides
Quantum Computing, At First Glance, This . . . Here We Come! Making Lemonade . . . Fast Search

Quantum Computing, At First Glance, This . . . Here We Come! Making Lemonade . . . Fast Search

Faster, Faster, Faster: . . . Blame It on Einsteins . . . Honey, I Shrunk the . . . Why Is Micro-World . . . Quantum Computing, At First Glance, This . . . Here We Come! Making Lemonade . . . Fast Search Vladik Kreinovich End of

566 views • 25 slides
EC487 Advanced Microeconomics, Part I: Lecture 1 Leonardo Felli 32L.LG.04 29 September, 2017

EC487 Advanced Microeconomics, Part I: Lecture 1 Leonardo Felli 32L.LG.04 29 September, 2017

EC487 Advanced Microeconomics, Part I: Lecture 1 Leonardo Felli 32L.LG.04 29 September, 2017 Course Outline Microeconomic Theory Lecture 1: Production Theory and Profit Maximization. Lecture 2: Cost Minimization and Aggregation.

996 views • 55 slides

More recommend